[go: up one dir, main page]

US20190305939A1 - Vehicle communication system and vehicle communication method - Google Patents

Vehicle communication system and vehicle communication method Download PDF

Info

Publication number
US20190305939A1
US20190305939A1 US16/362,989 US201916362989A US2019305939A1 US 20190305939 A1 US20190305939 A1 US 20190305939A1 US 201916362989 A US201916362989 A US 201916362989A US 2019305939 A1 US2019305939 A1 US 2019305939A1
Authority
US
United States
Prior art keywords
vehicle
message
encrypted message
communication
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US16/362,989
Other versions
US11218309B2 (en
Inventor
Masashi Nakagawa
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toyota Motor Corp
Original Assignee
Toyota Motor Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toyota Motor Corp filed Critical Toyota Motor Corp
Assigned to TOYOTA JIDOSHA KABUSHIKI KAISHA reassignment TOYOTA JIDOSHA KABUSHIKI KAISHA ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NAKAGAWA, MASASHI
Publication of US20190305939A1 publication Critical patent/US20190305939A1/en
Application granted granted Critical
Publication of US11218309B2 publication Critical patent/US11218309B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/006Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving public key infrastructure [PKI] trust models
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/009Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/48Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for in-vehicle communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/84Vehicles

Definitions

  • the present disclosure relates to a vehicle communication system and a vehicle communication method for transmitting and receiving an encrypted message.
  • Japanese Laid-Open Patent Publication No. 2013-201510 describes an example of such a vehicle communication system.
  • a device for relaying data from one node to another node centrally manages whether or not to encrypt a message.
  • the message encryption is managed in a unit of a combination of a bus connected to a transmission-side node and a bus connected to a reception-side node.
  • the nodes do not need to have a message encryption function. This reduces the load on the nodes and increases the security of data communication.
  • a predetermined node when the reception-side node is configured by nodes connected to a vehicle network, a predetermined node receives an encrypted message via the vehicle network and decrypts the received message.
  • the predetermined node sequentially transfers the decrypted message to other nodes via the vehicle network. That is, when the encrypted message is shared between the nodes connected to the vehicle network, the same message before and after the decryption is doubly transmitted to the vehicle network. This increases the communication load on the vehicle network.
  • Example 1 A vehicle communication system is provided.
  • the vehicle communication system includes an onboard device and one or more vehicle controllers connected to a vehicle network.
  • the onboard device is configured to transfer an encrypted message encrypted outside a vehicle to the one or more vehicle controllers connected to the vehicle network, when the encrypted message is an individual message to one of the vehicle controllers, transmit the encrypted message to the one of the vehicle controllers via the vehicle network, and when the encrypted message is a common message to the one or more vehicle controllers, decrypt the encrypted message using an encryption key owned by the onboard device and then transmit the decrypted message to the one or more vehicle controllers via the vehicle network.
  • the above-described configuration avoids double transmission of the same message before and after decryption to the vehicle network and thus reduces the communication load on the vehicle network.
  • Example 2 In the vehicle communication system according to Example 1, the attribute information related to a message destination may be attached to the encrypted message and that the onboard device may be configured to determine a destination of the encrypted message based on the attribute information.
  • the above-described configuration allows for determination of whether the encrypted message is an individual message to each ECU or a common message to the ECUs without decrypting the encrypted message.
  • Example 3 In the vehicle communication system according to Example 1 or 2, the vehicle communication system may further include a communication device that receives the encrypted message from outside the vehicle and a communication line that connects the onboard device to the communication device.
  • the communication line differs from the vehicle network.
  • the encryption key managed by the onboard device can be shared with the communication device without using the vehicle network. This increases the security of the system.
  • Example 4 In the vehicle communication system according to any one of Examples 1 to 3, the vehicle communication system may further include a network management device that manages communication of the encrypted message via the vehicle network and that the network management device be configured to share the encryption key with the onboard device through authentication between the network management device and the onboard device.
  • a network management device that manages communication of the encrypted message via the vehicle network and that the network management device be configured to share the encryption key with the onboard device through authentication between the network management device and the onboard device.
  • the onboard device obtains the encryption key, which is used to decrypt the encrypted message, through authentication between the onboard device and the network management device.
  • the onboard device cannot decrypt the encrypted message. This increases the security of the system.
  • the vehicle network may include a first vehicle network connected to the onboard device and a second vehicle network connected to the onboard device via the network management device.
  • the network management device may also be configured to, when receiving the encrypted message of which a destination is a vehicle controller connected to the second vehicle network, transmit the encrypted message to the vehicle controller via the second vehicle network.
  • the network management device may also be configured to, when receiving the encrypted message of which destinations are one or more vehicle controllers connected to the second vehicle network, decrypt the encrypted message using the encryption key owned by the network management device and then transmit the decrypted message to the one or more vehicle controllers connected to the second vehicle network via the second vehicle network.
  • the onboard device When the onboard device transmits the encrypted message to the onboard controller connected to the second communication bus, the onboard device transmits the encrypted message to the network management device via the first communication bus without decrypting the encrypted message.
  • the onboard device connected to the first communication bus in an unauthorized manner cannot obtain the content of the encrypted message. This increases the security of the system.
  • Example 6 A vehicle communication method for executing the processes described in Examples 1 to 5 is provided.
  • Example 7 A non-transitory computer-readable storage medium that stores a program causing a processor to execute the processes described in examples 1 to 5 is provided.
  • FIG. 1 is a block diagram illustrating the schematic configuration of a vehicle communication system according to a first embodiment of the present disclosure
  • FIG. 2 is a schematic diagram illustrating an example of the data configuration of an encrypted message in the vehicle communication system of FIG. 1 ;
  • FIG. 3 is a sequence chart illustrating the flow of processes for transmitting an individual message to ECUs in the vehicle communication system of FIG. 1 ;
  • FIG. 4 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs in the vehicle communication system of FIG. 1 ;
  • FIG. 5 is a block diagram illustrating the schematic configuration of a vehicle communication system according to a second embodiment
  • FIG. 6 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs connected to a first communication bus and a second communication bus in the vehicle communication system of FIG. 5 ;
  • FIG. 7 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs connected to the second communication bus in the vehicle communication system of FIG. 5 .
  • a vehicle communication system according to a first embodiment of the present disclosure will now be described with reference to FIGS. 1 to 4 .
  • the vehicle communication system of the present embodiment includes an information center located outside the vehicle.
  • the information center uses an encryption key for encrypted communication with a relay (onboard device) to encrypt a message.
  • the relay transfers the encrypted message to ECUs (vehicle controllers) connected to a first communication bus (vehicle network).
  • a vehicle 100 includes a bus management device 110 , ECUs 120 , an onboard communication device 140 , and a relay 130 .
  • the bus management device 110 controls transmission and reception of communication data via communication buses NW 1 and NW 2 .
  • the bus management device 110 is connected to a plurality of (two in the example shown in FIG. 1 ) ECUs 120 , the relay 130 , and the onboard communication device 140 via the first communication bus NW 1 . Further, the bus management device 110 is connected to a plurality of (two in the example shown in FIG. 1 ) ECUs 120 via the communication bus NW 2 .
  • the onboard communication device 140 is connected to the bus management device 110 via the communication bus NW 1 . That is, the onboard communication device 140 is connected to the communication bus NW 2 via the communication bus NW 1 and the bus management device 110 .
  • the bus management device 110 acts as a network management device that manages the communication of an encrypted message MS via the communication networks NW 1 and NW 2 .
  • Each ECU 120 is an electronic controller that performs various types of vehicle control.
  • the ECUs 120 are classified into, for example, a drive ECU 120 , an information ECU 120 , and a body ECU 120 for each group of the ECUs 120 connected to the same communication buses NW 1 and NW 2 .
  • each ECU 120 manages (owns) a first secret key K 1 as an individual encryption key for the ECU 120 .
  • the relay 130 is connected to the onboard communication device 140 , which communicates with the information center 200 , via a communication line S 1 that differs from the communication bus NW 1 .
  • the relay 130 manages a second secret key K 2 as an encryption key unique to the relay 130 .
  • the onboard communication device 140 obtains, via the communication line S 1 , the second secret key K 2 managed by the relay 130 . Further, the onboard communication device 140 obtains, via the communication buses NW 1 and NW 2 , a first public key K 3 paired with the first secret key K 1 managed by each ECU 120 and a second public key K 4 paired with the second secret key K 2 managed by the relay 130 . Then, the onboard communication device 140 transmits these obtained public keys K 3 and K 4 to the information center 200 located outside the vehicle.
  • the information center 200 includes a vehicle information server 210 and a center communication device 220 .
  • the vehicle information server 210 includes a vehicle information database 211 that manages the vehicle information of vehicles 100 .
  • the vehicle information includes a preset value used to control the vehicle by each ECU 120 , which is installed in the vehicle 100 . Further, the vehicle information server 210 manages the public keys K 3 and K 4 received via the center communication device 220 .
  • the vehicle information server 210 encrypts the vehicle information read from the vehicle information database 211 using the first public key K 3 or the second public key K 4 to generate an encrypted message. Then, the vehicle information server 210 transmits the generated encrypted message to the vehicle 100 via the center communication device 220 .
  • the encrypted message MS includes a message region M 1 and an attribute flag M 2 .
  • the message region M 1 includes vehicle information subject to encryption.
  • the attribute flag M 2 includes flag information indicating whether the first public key K 3 or the second public key K 4 has been used to encrypt the encrypted message MS.
  • the attribute flag M 2 is excluded from the subject of encryption.
  • the onboard communication device 140 When receiving the encrypted message MS from the information center 200 , the onboard communication device 140 reads the flag information included in the attribute flag M 2 without decrypting the encrypted message MS. Further, the onboard communication device 140 determines the destination of the encrypted message MS based on the flag information read from the encrypted message MS. That is, the attribute flag M 2 includes attribute information related to a message destination, and the encrypted message MS includes the attribute flag M 2 so that the attribute information related to a message destination is attached to the encrypted message MS.
  • the onboard communication device 140 determines that the encrypted message MS is an individual message directed to a specific ECU 120 .
  • the onboard communication device 140 transmits the encrypted message MS to the specific ECU 120 , which is the destination of the encrypted message MS, via the first communication bus NW 1 without decrypting the encrypted message MS.
  • the specific ECU 120 decrypts the encrypted message MS using the first secret key K 1 managed by the ECU 120 to obtain the vehicle information included in the message region M 1 .
  • the onboard communication device 140 determines that the encrypted message MS is a common message directed to the ECUs 120 connected to the communication buses NW 1 and NW 2 .
  • the onboard communication device 140 decrypts the encrypted message MS using the second secret key K 2 managed by the onboard communication device 140 and then transmits the decrypted message to the ECUs 120 , which are the destinations of the encrypted message MS, via the first communication bus NW 1 .
  • the ECU 120 obtains the vehicle information included in the message region M 1 of the received message.
  • the vehicle information server 210 first encrypts a message including vehicle information using the first public key K 3 . Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • the center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210 .
  • the onboard communication device 140 determines the destination of the message based on the attribute flag M 2 of the encrypted message MS received from the vehicle information server 210 .
  • the first public key K 3 is used for message encryption.
  • the onboard communication device 140 determines that the destinations of the message are specific ECUs 120 connected to the communication buses NW 1 and NW 2 .
  • the onboard communication device 140 transmits the encrypted message MS to the first communication bus NW 1 without decrypting the encrypted message MS.
  • Each ECU 120 connected to the first communication bus NW 1 identifies the destination of the encrypted message MS transmitted to the first communication bus NW 1 from the onboard communication device 140 .
  • the ECU 120 receives the encrypted message MS transmitted to the first communication bus NW 1 .
  • the ECU 120 obtains the vehicle information included in the encrypted message MS received from the first communication bus NW 1 by decrypting the encrypted message MS using the first secret key K 1 .
  • the ECU 120 discards the encrypted message MS transmitted to the first communication bus NW 1 .
  • the onboard communication device 140 obtains the second secret key K 2 managed by the relay 130 via the communication line S 1 .
  • the vehicle information server 210 first encrypts a message including vehicle information using the second public key K 4 . Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • the center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210 .
  • the onboard communication device 140 determines the destination of the message based on the attribute flag M 2 of the encrypted message MS received from the vehicle information server 210 .
  • the second public key K 4 is used for message encryption.
  • the onboard communication device 140 determines that the ECUs 120 connected to the communication buses NW 1 and NW 2 are the destinations of the message.
  • the onboard communication device 140 decrypts the encrypted message MS using the second secret key K 2 and then transmits the decrypted message to the first communication bus NW 1 .
  • Each ECU 120 connected to the first communication bus NW 1 identifies the destination of the decrypted message transmitted to the first communication bus NW 1 from the onboard communication device 140 .
  • the ECU 120 receives the decrypted message transmitted to the first communication bus NW 1 .
  • the ECU 120 obtains the vehicle information included in the decrypted message received from the first communication bus NW 1 .
  • the ECU 120 discards the decrypted message transmitted to the first communication bus NW 1 .
  • the bus management device 110 connected to the first communication bus NW 1 identifies the destination of the decrypted message transmitted to the first communication bus NW 1 from the relay 130 .
  • the bus management device 110 receives the decrypted message transmitted to the first communication bus NW 1 .
  • the bus management device 110 transmits the decrypted message received from the first communication bus NW 1 to the second communication bus NW 2 .
  • the ECU 120 which is the destination of the decrypted message, receives the decrypted message from the second communication bus NW and obtains the vehicle information included in the received decrypted message.
  • the bus management device 110 discards the decrypted message transmitted to the first communication bus NW 1 .
  • the encrypted message MS transmitted from the information center 200 may be a common message of which destinations are the ECUs 120 installed in the vehicle 100 .
  • the communication load on the communication buses NW 1 and NW 2 is heavy. This may result in communication delay and communication error of messages.
  • the onboard communication device 140 when the onboard communication device 140 receives the encrypted message MS from the information center 200 , the onboard communication device 140 determines whether or not the encrypted message MS is a common message based on the attribute flag attached to the encrypted message MS. When determining that the encrypted message MS is a common message, the onboard communication device 140 decrypts the encrypted message MS and then transmits the decrypted message to the first communication bus NW 1 . This avoids double transmission of the same message before and after decryption to the communication buses NW 1 and NW 2 and thus reduces the communication delay and communication errors of messages.
  • the first embodiment has the following advantages.
  • the attribute flag M 2 which is related to a message destination, is attached to the encrypted message MS. This allows the onboard communication device 140 to determine whether the encrypted message MS is an individual message to each ECU 120 or a common message to the ECUs 120 without decrypting the encrypted message MS.
  • the relay 130 is connected to the onboard communication device 140 , which receives the encrypted message MS from outside the vehicle, via the communication line S 1 , which differs from the communication bus NW 1 .
  • the second secret key K 2 managed by the relay 130 can be shared with the onboard communication device 140 without using the first communication bus NW 1 . This increases the security of the system.
  • a vehicle communication system according to a second embodiment of the present disclosure will now be described with reference to FIGS. 5 to 7 .
  • the second embodiment differs from the first embodiment in an encryption key used to encrypt a common message to ECUs.
  • the following description focuses on the configuration that differs from the first embodiment.
  • the configuration that is the same as or corresponds to the first embodiment will not be described.
  • the relay 130 shares a session key K 5 managed by the bus management device 110 with the bus management device 110 through authentication between the relay 130 and the bus management device 110 prior to receiving the encrypted message MS from the information center 200 .
  • Authentication is, for example, of a challenge-response type.
  • the vehicle information server 210 shares a session key K 5 managed by the bus management device 110 with the bus management device 110 through authentication between the relay 130 and the bus management device 110 prior to transmitting the encrypted message MS to the vehicle 100 .
  • the vehicle information server 210 encrypts the message using the session key K 5 and then transmits the encrypted message to the vehicle 100 .
  • the onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S 1 . Then, based on the attribute flag M 2 attached to the encrypted message MS received from the onboard communication device 140 , the relay 130 determines whether or not the encrypted message MS is a common message of which destinations are the ECUs 120 . When determining that the encrypted message MS is the common message, the relay 130 determines whether the destination of the common message is an ECU 120 connected to the first communication bus NW 1 or an ECU 120 connected to the second communication bus NW 2 based on the attribute flag M 2 attached to the encrypted message MS.
  • the relay 130 When determining that the destination of the common message is the ECU 120 connected to the first communication bus NW 1 , the relay 130 decrypts the encrypted message MS using the session key K 5 managed by the relay 130 and then transmits the decrypted message to the first communication bus NW 1 .
  • the relay 130 When the relay 130 selectively determines that the ECU 120 connected to the second communication bus NW 2 is the destination of the common message instead of the ECU 120 connected to the first communication bus NW 1 , the relay 130 transfers the encrypted message MS to the bus management device 110 via the first communication bus NW 1 without decrypting the encrypted message MS.
  • the bus management device 110 decrypts the encrypted message MS transferred from the relay 130 using the session key K 5 managed by the bus management device 110 and then transmits the decrypted encrypted message MS to the second communication bus NW 2 .
  • the bus management device 110 prior to transmitting the encrypted message MS, the bus management device 110 distributes the session key K 5 to the vehicle information server 210 after performing authentication between the bus management device 110 and the vehicle information server 210 . Further, the bus management device 110 distributes the session key K 5 to the relay 130 after performing authentication between the bus management device 110 and the relay 130 .
  • the vehicle information server 210 encrypts a message including vehicle information using the session key K 5 distributed from the bus management device 110 . Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • the center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210 .
  • the onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S 1 .
  • the relay 130 determines the destination of the message based on the attribute flag M 2 of the encrypted message MS received from the onboard communication device 140 . In the example shown in FIG. 6 , the relay 130 determines that the destinations of the message are the ECUs 120 connected to the first communication bus NW 1 and the second communication bus NW 2 . The relay 130 decrypts the encrypted message MS using the session key K 5 and then transmits the decrypted message to the first communication bus NW 1 .
  • Each ECU 120 connected to the first communication bus NW 1 identifies the destination of the decrypted message transmitted from the relay 130 .
  • the ECU 120 receives the decrypted message transmitted to the first communication bus NW 1 .
  • the ECU 120 obtains the vehicle information included in the decrypted message received from the first communication bus NW 1 .
  • the ECU 120 discards the decrypted message transmitted to the first communication bus NW 1 .
  • the bus management device 110 connected to the first communication bus NW 1 identifies the destination of the decrypted message transmitted to the first communication bus NW 1 from the relay 130 .
  • the bus management device 110 determines that the destination of the decrypted message is the ECU 120 connected to the second communication bus NW 2
  • the bus management device 110 receives the decrypted message transmitted to the first communication bus NW 1 .
  • the bus management device 110 transmits the decrypted message received from the first communication bus NW 1 to the second communication bus NW 2 .
  • each ECU 120 connected to the second communication bus NW 2 receives the decrypted message from the second communication bus NW 2 and obtains the vehicle information included in the received decrypted message.
  • the bus management device 110 prior to transmitting the encrypted message MS, the bus management device 110 distributes the session key K 5 to the vehicle information server 210 after performing authentication between the bus management device 110 and the vehicle information server 210 . Further, the bus management device 110 distributes the session key K 5 to the relay 130 after performing authentication between the bus management device 110 and the relay 130 .
  • the vehicle information server 210 encrypts a message including vehicle information using the session key K 5 distributed from the bus management device 110 . Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • the center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210 .
  • the onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S 1 .
  • the relay 130 determines the destination of the message based on the attribute flag M 2 of the encrypted message MS received from the onboard communication device 140 . In the example shown in FIG. 7 , the relay 130 determines that the destinations of the message are the ECUs 120 connected to the second communication bus NW 2 . The relay 130 transmits the encrypted message MS to the first communication bus NW 1 without decrypting the encrypted message MS.
  • the bus management device 110 identifies the destination of the encrypted message MS transmitted from the relay 130 to the first communication bus NW 1 .
  • the bus management device 110 receives the encrypted message MS transmitted to the first communication bus NW 1 .
  • the bus management device 110 decrypts the encrypted message MS using the session key K 5 and then transmits the decrypted message to the second communication bus NW 2 .
  • each ECU 120 connected to the second communication bus NW 2 receives the decrypted message from the second communication bus NW 2 and obtains the vehicle information included in the received decrypted message.
  • the second embodiment has the following advantages in addition to advantages (1) to (3) of the first embodiment.
  • the relay 130 obtains the session key K 5 , which is used to decrypt the encrypted message MS, through authentication between the relay 130 and the bus management device 110 .
  • the relay 130 cannot decrypt the encrypted message MS. This increases the security of the system.
  • the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW 2 , the relay 130 transmits the encrypted message MS to the bus management device 110 via the first communication bus NW 1 without decrypting the encrypted message MS.
  • the relay 130 connected to the first communication bus NW 1 in an unauthorized manner cannot obtain the content of the encrypted message MS. This increases the security of the system.
  • the relay 130 when the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW 2 , the relay 130 transmits the encrypted message MS to the bus management device 110 via the first communication bus NW 1 without decrypting the encrypted message MS. Instead, even when the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW 2 , the relay 130 may decrypt the encrypted message MS and then transmit the decrypted message to the bus management device 110 via the first communication bus NW 1 .
  • the relay 130 obtains the session key K 5 , which is used to decrypt the encrypted message MS, through authentication between the relay 130 and the bus management device 110 .
  • the relay 130 may share the session key K 5 with the bus management device 110 by being connected to the bus management device 110 via a communication line that differs from the first communication bus NW 1 .
  • the encryption key used to decrypt the encrypted message MS is not necessarily the session key K 5 and may be a common key shared between the relay 130 and the bus management device 110 .
  • the relay 130 is connected to the onboard communication device 140 , which receives the encrypted message MS from outside the vehicle, via the communication line S 1 , which differs from the communication bus NW 1 .
  • the second secret key K 2 managed by the relay 130 may be shared between the relay 130 and the onboard communication device 140 by performing authentication between the relay 130 and the onboard communication device 140 via the first communication bus NW 1 .
  • the attribute flag M 2 related to a message destination is attached to the encrypted message MS.
  • the information related to a message destination may be included in the message region M 1 subject to encryption of the encrypted message MS.
  • the destination of the message may be determined after decrypting the encrypted message, and the message may be encrypted again if necessary.
  • the onboard communication device 140 determines the destination of the encrypted message MS.
  • the relay 130 may determine the destination of the encrypted message MS received from outside the vehicle after transferring the encrypted message MS from the onboard communication device 140 via the communication line S 1 .
  • the onboard communication device 140 is separate from the relay 130 . Instead, the onboard communication device 140 may be integrated with the relay 130 . In the same manner, the bus management device 110 may be integrated with the onboard communication device 140 .
  • the public key encryption mode is employed for message encryption.
  • a common key encryption mode may be employed for message encryption.
  • the public key encryption mode and the common key encryption mode may be combined.
  • the controller that executes various types of processes performed by the bus management device 110 , the onboard communication device 140 , and the relay 130 include the CPU and the ROM to execute software processing.
  • the configuration is not limited in such a manner. Instead, for example, at least part of the processes executed by the software in the above-described embodiments may be executed by hardware circuits dedicated to executing these processes (such as ASIC). That is, the controller may be modified as long as it has any one of the following configurations (a) to (c). (a) A configuration including a processor that executes all of the above-described processes according to programs and a program storage device such as a ROM (including a non-transitory computer readable medium) that stores the programs.
  • a plurality of software processing circuits each including a processor and a program storage device and a plurality of dedicated hardware circuits may be provided. That is, the above processes may be executed in any manner as long as the processes are executed by processing circuitry that includes at least one of a set of one or more software processing circuits and a set of one or more dedicated hardware circuits.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Small-Scale Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An onboard device transfers an encrypted message encrypted outside a vehicle to one or more vehicle controllers connected to a vehicle network. When the encrypted message is an individual message to one of the vehicle controllers, the onboard device transmits the encrypted message to the one of the vehicle controllers via the vehicle network. When the encrypted message is a common message to the one or more vehicle controllers, the onboard device decrypts the encrypted message using an encryption key owned by the onboard device and then transmits the decrypted message to the one or more vehicle controllers via the vehicle network.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This application claims priority to Japanese Patent Application No. 2018-060400 filed on Mar. 27, 2018, incorporated herein by reference in its entirety.
  • BACKGROUND
  • The present disclosure relates to a vehicle communication system and a vehicle communication method for transmitting and receiving an encrypted message.
  • Japanese Laid-Open Patent Publication No. 2013-201510 describes an example of such a vehicle communication system. In this system, a device for relaying data from one node to another node centrally manages whether or not to encrypt a message. The message encryption is managed in a unit of a combination of a bus connected to a transmission-side node and a bus connected to a reception-side node. Thus, the nodes do not need to have a message encryption function. This reduces the load on the nodes and increases the security of data communication.
    • SUMMARY
  • However, in the system described in the above-described document, when the reception-side node is configured by nodes connected to a vehicle network, a predetermined node receives an encrypted message via the vehicle network and decrypts the received message. The predetermined node sequentially transfers the decrypted message to other nodes via the vehicle network. That is, when the encrypted message is shared between the nodes connected to the vehicle network, the same message before and after the decryption is doubly transmitted to the vehicle network. This increases the communication load on the vehicle network.
  • It is an object of the present disclosure to provide a vehicle communication system and a vehicle communication method for reducing the communication load on a vehicle network by avoiding double transmission of a message before and after decryption to the vehicle network.
  • The examples of the present disclosure will now be described.
  • Example 1: A vehicle communication system is provided. The vehicle communication system includes an onboard device and one or more vehicle controllers connected to a vehicle network. The onboard device is configured to transfer an encrypted message encrypted outside a vehicle to the one or more vehicle controllers connected to the vehicle network, when the encrypted message is an individual message to one of the vehicle controllers, transmit the encrypted message to the one of the vehicle controllers via the vehicle network, and when the encrypted message is a common message to the one or more vehicle controllers, decrypt the encrypted message using an encryption key owned by the onboard device and then transmit the decrypted message to the one or more vehicle controllers via the vehicle network.
  • The above-described configuration avoids double transmission of the same message before and after decryption to the vehicle network and thus reduces the communication load on the vehicle network.
  • Example 2: In the vehicle communication system according to Example 1, the attribute information related to a message destination may be attached to the encrypted message and that the onboard device may be configured to determine a destination of the encrypted message based on the attribute information.
  • The above-described configuration allows for determination of whether the encrypted message is an individual message to each ECU or a common message to the ECUs without decrypting the encrypted message.
  • Example 3: In the vehicle communication system according to Example 1 or 2, the vehicle communication system may further include a communication device that receives the encrypted message from outside the vehicle and a communication line that connects the onboard device to the communication device. The communication line differs from the vehicle network.
  • With the above-described configuration, the encryption key managed by the onboard device can be shared with the communication device without using the vehicle network. This increases the security of the system.
  • Example 4: In the vehicle communication system according to any one of Examples 1 to 3, the vehicle communication system may further include a network management device that manages communication of the encrypted message via the vehicle network and that the network management device be configured to share the encryption key with the onboard device through authentication between the network management device and the onboard device.
  • With the above-described configuration, the onboard device obtains the encryption key, which is used to decrypt the encrypted message, through authentication between the onboard device and the network management device. Thus, when the onboard device is connected to the vehicle network in an unauthorized manner, the onboard device cannot decrypt the encrypted message. This increases the security of the system.
  • Example 5: In the vehicle communication system according to Example 4, the vehicle network may include a first vehicle network connected to the onboard device and a second vehicle network connected to the onboard device via the network management device. The network management device may also be configured to, when receiving the encrypted message of which a destination is a vehicle controller connected to the second vehicle network, transmit the encrypted message to the vehicle controller via the second vehicle network. The network management device may also be configured to, when receiving the encrypted message of which destinations are one or more vehicle controllers connected to the second vehicle network, decrypt the encrypted message using the encryption key owned by the network management device and then transmit the decrypted message to the one or more vehicle controllers connected to the second vehicle network via the second vehicle network.
  • When the onboard device transmits the encrypted message to the onboard controller connected to the second communication bus, the onboard device transmits the encrypted message to the network management device via the first communication bus without decrypting the encrypted message. Thus, an onboard device connected to the first communication bus in an unauthorized manner cannot obtain the content of the encrypted message. This increases the security of the system.
  • Example 6: A vehicle communication method for executing the processes described in Examples 1 to 5 is provided.
  • Example 7: A non-transitory computer-readable storage medium that stores a program causing a processor to execute the processes described in examples 1 to 5 is provided.
  • Other aspects and advantages of the present disclosure will become apparent from the following description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the disclosure.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • The disclosure, together with objects and advantages thereof, may best be understood by reference to the following description of the embodiments together with the accompanying drawings in which:
  • FIG. 1 is a block diagram illustrating the schematic configuration of a vehicle communication system according to a first embodiment of the present disclosure;
  • FIG. 2 is a schematic diagram illustrating an example of the data configuration of an encrypted message in the vehicle communication system of FIG. 1;
  • FIG. 3 is a sequence chart illustrating the flow of processes for transmitting an individual message to ECUs in the vehicle communication system of FIG. 1;
  • FIG. 4 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs in the vehicle communication system of FIG. 1;
  • FIG. 5 is a block diagram illustrating the schematic configuration of a vehicle communication system according to a second embodiment;
  • FIG. 6 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs connected to a first communication bus and a second communication bus in the vehicle communication system of FIG. 5; and
  • FIG. 7 is a sequence chart illustrating the flow of processes for transmitting a common message to the ECUs connected to the second communication bus in the vehicle communication system of FIG. 5.
    •  DETAILED DESCRIPTION First Embodiment
  • A vehicle communication system according to a first embodiment of the present disclosure will now be described with reference to FIGS. 1 to 4.
  • The vehicle communication system of the present embodiment includes an information center located outside the vehicle. The information center uses an encryption key for encrypted communication with a relay (onboard device) to encrypt a message. The relay transfers the encrypted message to ECUs (vehicle controllers) connected to a first communication bus (vehicle network).
  • More specifically, as shown in FIG. 1, a vehicle 100 includes a bus management device 110, ECUs 120, an onboard communication device 140, and a relay 130.
  • The bus management device 110 controls transmission and reception of communication data via communication buses NW1 and NW2. The bus management device 110 is connected to a plurality of (two in the example shown in FIG. 1) ECUs 120, the relay 130, and the onboard communication device 140 via the first communication bus NW1. Further, the bus management device 110 is connected to a plurality of (two in the example shown in FIG. 1) ECUs 120 via the communication bus NW2. In the present embodiment, the onboard communication device 140 is connected to the bus management device 110 via the communication bus NW1. That is, the onboard communication device 140 is connected to the communication bus NW2 via the communication bus NW1 and the bus management device 110. The bus management device 110 acts as a network management device that manages the communication of an encrypted message MS via the communication networks NW1 and NW2.
  • Each ECU 120 is an electronic controller that performs various types of vehicle control. The ECUs 120 are classified into, for example, a drive ECU 120, an information ECU 120, and a body ECU 120 for each group of the ECUs 120 connected to the same communication buses NW1 and NW2. In addition, each ECU 120 manages (owns) a first secret key K1 as an individual encryption key for the ECU 120.
  • The relay 130 is connected to the onboard communication device 140, which communicates with the information center 200, via a communication line S1 that differs from the communication bus NW1. The relay 130 manages a second secret key K2 as an encryption key unique to the relay 130.
  • The onboard communication device 140 obtains, via the communication line S1, the second secret key K2 managed by the relay 130. Further, the onboard communication device 140 obtains, via the communication buses NW1 and NW2, a first public key K3 paired with the first secret key K1 managed by each ECU 120 and a second public key K4 paired with the second secret key K2 managed by the relay 130. Then, the onboard communication device 140 transmits these obtained public keys K3 and K4 to the information center 200 located outside the vehicle.
  • The information center 200 includes a vehicle information server 210 and a center communication device 220.
  • The vehicle information server 210 includes a vehicle information database 211 that manages the vehicle information of vehicles 100. The vehicle information includes a preset value used to control the vehicle by each ECU 120, which is installed in the vehicle 100. Further, the vehicle information server 210 manages the public keys K3 and K4 received via the center communication device 220. When transmitting the vehicle information to the vehicle 100, the vehicle information server 210 encrypts the vehicle information read from the vehicle information database 211 using the first public key K3 or the second public key K4 to generate an encrypted message. Then, the vehicle information server 210 transmits the generated encrypted message to the vehicle 100 via the center communication device 220.
  • As shown in FIG. 2, the encrypted message MS includes a message region M1 and an attribute flag M2. The message region M1 includes vehicle information subject to encryption. The attribute flag M2 includes flag information indicating whether the first public key K3 or the second public key K4 has been used to encrypt the encrypted message MS. The attribute flag M2 is excluded from the subject of encryption.
  • When receiving the encrypted message MS from the information center 200, the onboard communication device 140 reads the flag information included in the attribute flag M2 without decrypting the encrypted message MS. Further, the onboard communication device 140 determines the destination of the encrypted message MS based on the flag information read from the encrypted message MS. That is, the attribute flag M2 includes attribute information related to a message destination, and the encrypted message MS includes the attribute flag M2 so that the attribute information related to a message destination is attached to the encrypted message MS.
  • More specifically, when the encryption key used for encryption is the first public key K3, the onboard communication device 140 determines that the encrypted message MS is an individual message directed to a specific ECU 120. The onboard communication device 140 transmits the encrypted message MS to the specific ECU 120, which is the destination of the encrypted message MS, via the first communication bus NW1 without decrypting the encrypted message MS. When receiving the encrypted message MS from the onboard communication device 140, the specific ECU 120 decrypts the encrypted message MS using the first secret key K1 managed by the ECU 120 to obtain the vehicle information included in the message region M1.
  • When the encryption key used for encryption is the second public key K4, the onboard communication device 140 determines that the encrypted message MS is a common message directed to the ECUs 120 connected to the communication buses NW1 and NW2. The onboard communication device 140 decrypts the encrypted message MS using the second secret key K2 managed by the onboard communication device 140 and then transmits the decrypted message to the ECUs 120, which are the destinations of the encrypted message MS, via the first communication bus NW1. When each ECU 120 receives the decrypted message from the onboard communication device 140, the ECU 120 obtains the vehicle information included in the message region M1 of the received message.
  • The flow of processes for transmitting an individual message to each ECU 120 in the vehicle communication system of the present embodiment will now be described.
  • As shown in FIG. 3, the vehicle information server 210 first encrypts a message including vehicle information using the first public key K3. Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • The center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210.
  • The onboard communication device 140 determines the destination of the message based on the attribute flag M2 of the encrypted message MS received from the vehicle information server 210. In the example of FIG. 3, the first public key K3 is used for message encryption. Thus, the onboard communication device 140 determines that the destinations of the message are specific ECUs 120 connected to the communication buses NW1 and NW2. The onboard communication device 140 transmits the encrypted message MS to the first communication bus NW1 without decrypting the encrypted message MS.
  • Each ECU 120 connected to the first communication bus NW1 identifies the destination of the encrypted message MS transmitted to the first communication bus NW1 from the onboard communication device 140. When the ECU 120 identifies that the destination of the encrypted message MS is the ECU 120, the ECU 120 receives the encrypted message MS transmitted to the first communication bus NW1. The ECU 120 obtains the vehicle information included in the encrypted message MS received from the first communication bus NW1 by decrypting the encrypted message MS using the first secret key K1. When the ECU 120 identifies that the destination of the encrypted message MS is not the ECU 120, the ECU 120 discards the encrypted message MS transmitted to the first communication bus NW1.
  • The flow of processes for transmitting a common message to the ECUs 120 in the vehicle communication system of the present embodiment will now be described.
  • As shown in FIG. 4, prior to message transmission, the onboard communication device 140 obtains the second secret key K2 managed by the relay 130 via the communication line S1.
  • The vehicle information server 210 first encrypts a message including vehicle information using the second public key K4. Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • The center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210.
  • The onboard communication device 140 determines the destination of the message based on the attribute flag M2 of the encrypted message MS received from the vehicle information server 210. In the example of FIG. 4, the second public key K4 is used for message encryption. Thus, the onboard communication device 140 determines that the ECUs 120 connected to the communication buses NW1 and NW2 are the destinations of the message. The onboard communication device 140 decrypts the encrypted message MS using the second secret key K2 and then transmits the decrypted message to the first communication bus NW1.
  • Each ECU 120 connected to the first communication bus NW1 identifies the destination of the decrypted message transmitted to the first communication bus NW1 from the onboard communication device 140. When the ECU 120 identifies that the destination of the decrypted message is the ECU 120, the ECU 120 receives the decrypted message transmitted to the first communication bus NW1. The ECU 120 obtains the vehicle information included in the decrypted message received from the first communication bus NW1. When the ECU 120 identifies that the destination of the decrypted message is not the ECU 120, the ECU 120 discards the decrypted message transmitted to the first communication bus NW1.
  • In the same manner, the bus management device 110 connected to the first communication bus NW1 identifies the destination of the decrypted message transmitted to the first communication bus NW1 from the relay 130. When the bus management device 110 identifies that the destination of the decrypted message is the ECU 120 connected to the second communication bus NW2, the bus management device 110 receives the decrypted message transmitted to the first communication bus NW1. The bus management device 110 transmits the decrypted message received from the first communication bus NW1 to the second communication bus NW2. Subsequently, the ECU 120, which is the destination of the decrypted message, receives the decrypted message from the second communication bus NW and obtains the vehicle information included in the received decrypted message. When the bus management device 110 identifies that the destination of the decrypted message is not the ECU 120 connected to the second communication bus NW2, the bus management device 110 discards the decrypted message transmitted to the first communication bus NW1.
  • The operation of the vehicle communication system of the present embodiment will now be described.
  • When encryption communication is performed between the information center 200 and the vehicle 100, the encrypted message MS transmitted from the information center 200 may be a common message of which destinations are the ECUs 120 installed in the vehicle 100. In this case, if the same message is doubly transmitted to the communication buses NW1 and NW2 connected to the ECUs 120 before and after decryption, the communication load on the communication buses NW1 and NW2 is heavy. This may result in communication delay and communication error of messages.
  • In the present embodiment, when the onboard communication device 140 receives the encrypted message MS from the information center 200, the onboard communication device 140 determines whether or not the encrypted message MS is a common message based on the attribute flag attached to the encrypted message MS. When determining that the encrypted message MS is a common message, the onboard communication device 140 decrypts the encrypted message MS and then transmits the decrypted message to the first communication bus NW1. This avoids double transmission of the same message before and after decryption to the communication buses NW1 and NW2 and thus reduces the communication delay and communication errors of messages.
  • As described above, the first embodiment has the following advantages.
  • (1) The same message before and after decryption of the encrypted message MS received from outside the vehicle is prevented from being doubly transmitted to the communication buses NW1 and NW2. This reduces the communication load on the communication buses NW1 and NW2.
  • (2) The attribute flag M2, which is related to a message destination, is attached to the encrypted message MS. This allows the onboard communication device 140 to determine whether the encrypted message MS is an individual message to each ECU 120 or a common message to the ECUs 120 without decrypting the encrypted message MS.
  • (3) The relay 130 is connected to the onboard communication device 140, which receives the encrypted message MS from outside the vehicle, via the communication line S1, which differs from the communication bus NW1. Thus, the second secret key K2 managed by the relay 130 can be shared with the onboard communication device 140 without using the first communication bus NW1. This increases the security of the system.
    • Second Embodiment
  • A vehicle communication system according to a second embodiment of the present disclosure will now be described with reference to FIGS. 5 to 7. The second embodiment differs from the first embodiment in an encryption key used to encrypt a common message to ECUs. Thus, the following description focuses on the configuration that differs from the first embodiment. The configuration that is the same as or corresponds to the first embodiment will not be described.
  • As shown in FIG. 5, in the present embodiment, the relay 130 shares a session key K5 managed by the bus management device 110 with the bus management device 110 through authentication between the relay 130 and the bus management device 110 prior to receiving the encrypted message MS from the information center 200. Authentication is, for example, of a challenge-response type.
  • In the same manner, the vehicle information server 210 shares a session key K5 managed by the bus management device 110 with the bus management device 110 through authentication between the relay 130 and the bus management device 110 prior to transmitting the encrypted message MS to the vehicle 100. When transmitting a common message of which destinations are the ECUs 120, the vehicle information server 210 encrypts the message using the session key K5 and then transmits the encrypted message to the vehicle 100.
  • The onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S1. Then, based on the attribute flag M2 attached to the encrypted message MS received from the onboard communication device 140, the relay 130 determines whether or not the encrypted message MS is a common message of which destinations are the ECUs 120. When determining that the encrypted message MS is the common message, the relay 130 determines whether the destination of the common message is an ECU 120 connected to the first communication bus NW1 or an ECU 120 connected to the second communication bus NW2 based on the attribute flag M2 attached to the encrypted message MS.
  • When determining that the destination of the common message is the ECU 120 connected to the first communication bus NW1, the relay 130 decrypts the encrypted message MS using the session key K5 managed by the relay 130 and then transmits the decrypted message to the first communication bus NW1.
  • When the relay 130 selectively determines that the ECU 120 connected to the second communication bus NW2 is the destination of the common message instead of the ECU 120 connected to the first communication bus NW1, the relay 130 transfers the encrypted message MS to the bus management device 110 via the first communication bus NW1 without decrypting the encrypted message MS. The bus management device 110 decrypts the encrypted message MS transferred from the relay 130 using the session key K5 managed by the bus management device 110 and then transmits the decrypted encrypted message MS to the second communication bus NW2.
  • The flow of processes for transmitting a common message to the ECUs 120 connected to the first communication bus NW1 and the second communication bus NW2 in the vehicle communication system of the present embodiment will now be described.
  • As shown in FIG. 6, in the present embodiment, prior to transmitting the encrypted message MS, the bus management device 110 distributes the session key K5 to the vehicle information server 210 after performing authentication between the bus management device 110 and the vehicle information server 210. Further, the bus management device 110 distributes the session key K5 to the relay 130 after performing authentication between the bus management device 110 and the relay 130.
  • The vehicle information server 210 encrypts a message including vehicle information using the session key K5 distributed from the bus management device 110. Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • The center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210.
  • The onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S1.
  • The relay 130 determines the destination of the message based on the attribute flag M2 of the encrypted message MS received from the onboard communication device 140. In the example shown in FIG. 6, the relay 130 determines that the destinations of the message are the ECUs 120 connected to the first communication bus NW1 and the second communication bus NW2. The relay 130 decrypts the encrypted message MS using the session key K5 and then transmits the decrypted message to the first communication bus NW1.
  • Each ECU 120 connected to the first communication bus NW1 identifies the destination of the decrypted message transmitted from the relay 130. When the ECU 120 identifies that the destination of the decrypted message is the ECU 120, the ECU 120 receives the decrypted message transmitted to the first communication bus NW1. The ECU 120 obtains the vehicle information included in the decrypted message received from the first communication bus NW1. When the ECU 120 identifies that the destination of the decrypted message is not the ECU 120, the ECU 120 discards the decrypted message transmitted to the first communication bus NW1.
  • In the same manner, the bus management device 110 connected to the first communication bus NW1 identifies the destination of the decrypted message transmitted to the first communication bus NW1 from the relay 130. When the bus management device 110 determines that the destination of the decrypted message is the ECU 120 connected to the second communication bus NW2, the bus management device 110 receives the decrypted message transmitted to the first communication bus NW1. The bus management device 110 transmits the decrypted message received from the first communication bus NW1 to the second communication bus NW2. Subsequently, each ECU 120 connected to the second communication bus NW2 receives the decrypted message from the second communication bus NW2 and obtains the vehicle information included in the received decrypted message.
  • The flow of processes for transmitting a common message to the ECUs 120 connected to the second communication bus NW2 in the vehicle communication system of the present embodiment will now be described.
  • As shown in FIG. 7, in the present embodiment, prior to transmitting the encrypted message MS, the bus management device 110 distributes the session key K5 to the vehicle information server 210 after performing authentication between the bus management device 110 and the vehicle information server 210. Further, the bus management device 110 distributes the session key K5 to the relay 130 after performing authentication between the bus management device 110 and the relay 130.
  • The vehicle information server 210 encrypts a message including vehicle information using the session key K5 distributed from the bus management device 110. Then, the vehicle information server 210 instructs the center communication device 220 to transmit the encrypted message MS.
  • The center communication device 220 transmits the encrypted message MS to the onboard communication device 140 based on the instruction from the vehicle information server 210.
  • The onboard communication device 140 transfers the encrypted message MS received from the vehicle information server 210 to the relay 130 via the communication line S1.
  • The relay 130 determines the destination of the message based on the attribute flag M2 of the encrypted message MS received from the onboard communication device 140. In the example shown in FIG. 7, the relay 130 determines that the destinations of the message are the ECUs 120 connected to the second communication bus NW2. The relay 130 transmits the encrypted message MS to the first communication bus NW1 without decrypting the encrypted message MS.
  • The bus management device 110 identifies the destination of the encrypted message MS transmitted from the relay 130 to the first communication bus NW1. When the ECU 120 identifies that the destination of the encrypted message MS is the ECU 120 connected to the second communication bus NW2, the bus management device 110 receives the encrypted message MS transmitted to the first communication bus NW1. The bus management device 110 decrypts the encrypted message MS using the session key K5 and then transmits the decrypted message to the second communication bus NW2. Subsequently, each ECU 120 connected to the second communication bus NW2 receives the decrypted message from the second communication bus NW2 and obtains the vehicle information included in the received decrypted message.
  • As described above, the second embodiment has the following advantages in addition to advantages (1) to (3) of the first embodiment.
  • (4) The relay 130 obtains the session key K5, which is used to decrypt the encrypted message MS, through authentication between the relay 130 and the bus management device 110. Thus, when a relay is connected to the first communication bus NW1 in an unauthorized manner, the relay cannot decrypt the encrypted message MS. This increases the security of the system.
  • (5) When the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW2, the relay 130 transmits the encrypted message MS to the bus management device 110 via the first communication bus NW1 without decrypting the encrypted message MS. Thus, the relay 130 connected to the first communication bus NW1 in an unauthorized manner cannot obtain the content of the encrypted message MS. This increases the security of the system.
    • Other Embodiments
  • It should be apparent to those skilled in the art that the present disclosure may be embodied in many other specific forms without departing from the spirit or scope of the disclosure. Particularly, it should be understood that the present disclosure may be embodied in the following forms.
  • In the second embodiment, when the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW2, the relay 130 transmits the encrypted message MS to the bus management device 110 via the first communication bus NW1 without decrypting the encrypted message MS. Instead, even when the relay 130 transmits the encrypted message MS to the ECU 120 connected to the second communication bus NW2, the relay 130 may decrypt the encrypted message MS and then transmit the decrypted message to the bus management device 110 via the first communication bus NW1.
  • In the second embodiment, the relay 130 obtains the session key K5, which is used to decrypt the encrypted message MS, through authentication between the relay 130 and the bus management device 110. Instead, the relay 130 may share the session key K5 with the bus management device 110 by being connected to the bus management device 110 via a communication line that differs from the first communication bus NW1. Further, the encryption key used to decrypt the encrypted message MS is not necessarily the session key K5 and may be a common key shared between the relay 130 and the bus management device 110.
  • In the first embodiment, the relay 130 is connected to the onboard communication device 140, which receives the encrypted message MS from outside the vehicle, via the communication line S1, which differs from the communication bus NW1. Instead, the second secret key K2 managed by the relay 130 may be shared between the relay 130 and the onboard communication device 140 by performing authentication between the relay 130 and the onboard communication device 140 via the first communication bus NW1.
  • In each of the above embodiments, the attribute flag M2 related to a message destination is attached to the encrypted message MS. Instead, the information related to a message destination may be included in the message region M1 subject to encryption of the encrypted message MS. In this case, the destination of the message may be determined after decrypting the encrypted message, and the message may be encrypted again if necessary.
  • In the first embodiment, the onboard communication device 140 determines the destination of the encrypted message MS. Instead, the relay 130 may determine the destination of the encrypted message MS received from outside the vehicle after transferring the encrypted message MS from the onboard communication device 140 via the communication line S1.
  • In each of the above-described embodiments, the onboard communication device 140 is separate from the relay 130. Instead, the onboard communication device 140 may be integrated with the relay 130. In the same manner, the bus management device 110 may be integrated with the onboard communication device 140.
  • In each of the above-described embodiments, the public key encryption mode is employed for message encryption. Instead, a common key encryption mode may be employed for message encryption. Alternatively, the public key encryption mode and the common key encryption mode may be combined.
  • In each of the above-described embodiments, the controller that executes various types of processes performed by the bus management device 110, the onboard communication device 140, and the relay 130 include the CPU and the ROM to execute software processing. However, the configuration is not limited in such a manner. Instead, for example, at least part of the processes executed by the software in the above-described embodiments may be executed by hardware circuits dedicated to executing these processes (such as ASIC). That is, the controller may be modified as long as it has any one of the following configurations (a) to (c). (a) A configuration including a processor that executes all of the above-described processes according to programs and a program storage device such as a ROM (including a non-transitory computer readable medium) that stores the programs. (b) A configuration including a processor and a program storage device that execute part of the above-described processes according to the programs and a dedicated hardware circuit that executes the remaining processes. (c) A configuration including a dedicated hardware circuit that executes all of the above-described processes. A plurality of software processing circuits each including a processor and a program storage device and a plurality of dedicated hardware circuits may be provided. That is, the above processes may be executed in any manner as long as the processes are executed by processing circuitry that includes at least one of a set of one or more software processing circuits and a set of one or more dedicated hardware circuits.
  • Therefore, the present examples and embodiments are to be considered as illustrative and not restrictive and the disclosure is not to be limited to the details given herein, but may be modified within the scope and equivalence of the appended claims.

Claims (7)

1. A vehicle communication system comprising:
an onboard device; and
one or more vehicle controllers connected to a vehicle network, wherein the onboard device is configured to:
transfer an encrypted message encrypted outside a vehicle to the one or more vehicle controllers connected to the vehicle network;
when the encrypted message is an individual message to one of the vehicle controllers, transmit the encrypted message to the one of the vehicle controllers via the vehicle network; and
when the encrypted message is a common message to the one or more vehicle controllers, decrypt the encrypted message using an encryption key owned by the onboard device and then transmit the decrypted message to the one or more vehicle controllers via the vehicle network.
2. The vehicle communication system according to claim 1, wherein
attribute information related to a message destination is attached to the encrypted message, and
the onboard device is configured to determine a destination of the encrypted message based on the attribute information.
3. The vehicle communication system according to claim 1, further comprising:
a communication device that receives the encrypted message from outside the vehicle; and
a communication line that connects the onboard device to the communication device, wherein the communication line differs from the vehicle network.
4. The vehicle communication system according to claim 1, further comprising a network management device that manages communication of the encrypted message via the vehicle network, wherein the network management device is configured to share the encryption key with the onboard device through authentication between the network management device and the onboard device.
5. The vehicle communication system according to claim 4, wherein
the vehicle network includes a first vehicle network connected to the onboard device and a second vehicle network connected to the onboard device via the network management device, and
the network management device is configured to:
when receiving the encrypted message of which a destination is a vehicle controller connected to the second vehicle network, transmit the encrypted message to the vehicle controller via the second vehicle network; and
when receiving the encrypted message of which destinations are one or more vehicle controllers connected to the second vehicle network, decrypt the encrypted message using the encryption key owned by the network management device and then transmit the decrypted message to the one or more vehicle controllers connected to the second vehicle network via the second vehicle network.
6. A vehicle communication method comprising:
transferring an encrypted message encrypted outside a vehicle to one or more vehicle controllers connected to a vehicle network;
when the encrypted message is an individual message to one of the vehicle controllers, transmitting, by an onboard device, the encrypted message to the one of the vehicle controllers via the vehicle network;
when the encrypted message is a common message to the one or more vehicle controllers, decrypting, by the onboard device, the encrypted message using an encryption key owned by the onboard device; and
transmitting, by the onboard device, the decrypted message to the one or more vehicle controllers via the vehicle network.
7. A non-transitory computer-readable storage medium that stores a program causing a processor to execute a vehicle communication process, the vehicle communication process comprising:
transferring an encrypted message encrypted outside a vehicle to one or more vehicle controllers connected to a vehicle network;
when the encrypted message is an individual message to one of the vehicle controllers, transmitting, by an onboard device, the encrypted message to the one of the vehicle controllers via the vehicle network;
when the encrypted message is a common message to the one or more vehicle controllers, decrypting, by the onboard device, the encrypted message using an encryption key owned by the onboard device; and
transmitting, by the onboard device, the decrypted message to the one or more vehicle controllers via the vehicle network.
US16/362,989 2018-03-27 2019-03-25 Vehicle communication system and vehicle communication method Active 2039-11-26 US11218309B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2018060400A JP6950605B2 (en) 2018-03-27 2018-03-27 Vehicle communication system
JP2018-060400 2018-03-27
JPJP2018-060400 2018-03-27

Publications (2)

Publication Number Publication Date
US20190305939A1 true US20190305939A1 (en) 2019-10-03
US11218309B2 US11218309B2 (en) 2022-01-04

Family

ID=67910205

Family Applications (1)

Application Number Title Priority Date Filing Date
US16/362,989 Active 2039-11-26 US11218309B2 (en) 2018-03-27 2019-03-25 Vehicle communication system and vehicle communication method

Country Status (4)

Country Link
US (1) US11218309B2 (en)
JP (1) JP6950605B2 (en)
CN (1) CN110312232B (en)
DE (1) DE102019103419B4 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114785543A (en) * 2022-03-09 2022-07-22 西安电子科技大学 In-vehicle network cross-domain communication method, computer equipment and intelligent terminal
US20220239694A1 (en) * 2021-01-28 2022-07-28 Robert Bosch Gmbh System and method for detection and deflection of attacks on in-vehicle controllers and networks
US20240113867A1 (en) * 2022-09-30 2024-04-04 General Electric Company Methods and systems for starting secure communication in systems with high availability

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11445362B2 (en) * 2019-03-01 2022-09-13 Intel Corporation Security certificate management and misbehavior vehicle reporting in vehicle-to-everything (V2X) communication
CN115484085A (en) * 2022-09-06 2022-12-16 中国铁道科学研究院集团有限公司 EMU network security control method, device, equipment and readable storage medium

Family Cites Families (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8140658B1 (en) * 1999-10-06 2012-03-20 Borgia/Cummins, Llc Apparatus for internetworked wireless integrated network sensors (WINS)
US20050203673A1 (en) * 2000-08-18 2005-09-15 Hassanayn Machlab El-Hajj Wireless communication framework
JP3639568B2 (en) * 2002-08-30 2005-04-20 日本電信電話株式会社 In-vehicle information distribution system
US7231041B2 (en) * 2003-08-19 2007-06-12 General Motors Corporation Method, device, and system for secure motor vehicle remote keyless entry
EP1735672A1 (en) * 2004-04-01 2006-12-27 Delphi Technologies, Inc. Method and protocol for diagnostics of arbitrarily complex networks of devices
US20060106508A1 (en) * 2004-11-12 2006-05-18 Spx Corporation Remote display of diagnostic data apparatus and method
WO2007105104A2 (en) * 2006-03-15 2007-09-20 Actividentity Inc. Method and system for storing a key in a remote security module
JP4923974B2 (en) * 2006-09-05 2012-04-25 株式会社デンソー Wireless communication system and in-vehicle device
JP4636171B2 (en) * 2008-12-17 2011-02-23 トヨタ自動車株式会社 Biometric authentication system for vehicles
EP2514161B1 (en) * 2009-12-14 2016-04-20 Continental Automotive GmbH Method for communicating between a first motor vehicle and at least one second motor vehicle
US20120302265A1 (en) * 2011-05-24 2012-11-29 General Motors Llc Vehicle telematics communication for providing vehicle telematics services
JP5531161B2 (en) * 2011-05-25 2014-06-25 トヨタ自動車株式会社 Vehicle communication device
JP5522160B2 (en) * 2011-12-21 2014-06-18 トヨタ自動車株式会社 Vehicle network monitoring device
JP5435022B2 (en) * 2011-12-28 2014-03-05 株式会社デンソー In-vehicle system and communication method
JP5999108B2 (en) * 2012-01-25 2016-09-28 トヨタ自動車株式会社 Vehicle remote operation information providing device, in-vehicle remote operation information acquisition device, and vehicle remote operation system including these devices
DE102013101508B4 (en) 2012-02-20 2024-10-02 Denso Corporation Data communication authentication system for a vehicle and network coupling device for a vehicle
JP5783103B2 (en) 2012-03-23 2015-09-24 株式会社デンソー VEHICLE DATA COMMUNICATION SYSTEM AND VEHICLE DATA COMMUNICATION DEVICE
JP5900007B2 (en) * 2012-02-20 2016-04-06 株式会社デンソー VEHICLE DATA COMMUNICATION AUTHENTICATION SYSTEM AND VEHICLE GATEWAY DEVICE
JP5886099B2 (en) * 2012-03-21 2016-03-16 日立オートモティブシステムズ株式会社 Electronic control unit for automobile
EP3651437B1 (en) * 2012-03-29 2021-02-24 Arilou Information Security Technologies Ltd. Protecting a vehicle electronic system
EP2858003B1 (en) * 2012-05-29 2018-10-10 Toyota Jidosha Kabushiki Kaisha Authentication system and authentication method
US8831224B2 (en) * 2012-09-14 2014-09-09 GM Global Technology Operations LLC Method and apparatus for secure pairing of mobile devices with vehicles using telematics system
CN104823197B (en) * 2012-12-05 2017-08-15 丰田自动车株式会社 The Verification System of vehicle network and the authentication method of vehicle network
US9276944B2 (en) 2013-03-13 2016-03-01 International Business Machines Corporation Generalized certificate use in policy-based secure messaging environments
US20150264017A1 (en) * 2014-03-14 2015-09-17 Hyundai Motor Company Secure vehicle data communications
JP2016063233A (en) * 2014-09-12 2016-04-25 株式会社東芝 Communication control device
US9392431B2 (en) * 2014-09-30 2016-07-12 Verizon Patent And Licensing Inc. Automatic vehicle crash detection using onboard devices
JP6618480B2 (en) * 2014-11-12 2019-12-11 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Update management method, update management system, and control program
JP6173411B2 (en) * 2014-12-12 2017-08-02 Kddi株式会社 Management device, vehicle, management system, management method, and computer program
CN107430813B (en) * 2015-03-27 2020-05-12 三菱电机株式会社 Driving support information generation device, driving support information generation method, driving support device, and driving support method
US9694725B2 (en) * 2015-04-22 2017-07-04 Panasonic Avionics Corporation Passenger seat pairing system
JP6345157B2 (en) * 2015-06-29 2018-06-20 クラリオン株式会社 In-vehicle information communication system and authentication method
MX357454B (en) * 2015-07-16 2018-06-26 Inst Tecnologico Y De Estudios Superiores De Occidente A C System and method for reprogramming ecu devices (electronic control units) in vehicles, via digital radio.
US9691278B2 (en) * 2015-07-28 2017-06-27 Mcafee, Inc. Systems and methods for traffic control
JP6787697B2 (en) * 2015-08-31 2020-11-18 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Gateway device, in-vehicle network system and transfer method
KR101704569B1 (en) * 2015-09-09 2017-02-08 현대자동차주식회사 Method, Apparatus and System For Controlling Dynamic Vehicle Security Communication Based on Ignition
KR101675332B1 (en) * 2015-09-14 2016-11-11 인포뱅크 주식회사 Data commincaiton method for vehicle, Electronic Control Unit and system thereof
US9756024B2 (en) * 2015-09-18 2017-09-05 Trillium Incorporated Computer-implemented cryptographic method for improving a computer network, and terminal, system and computer-readable medium for the same
EP3353985A1 (en) * 2015-09-22 2018-08-01 BAE Systems PLC Cryptographic key distribution
JP6217728B2 (en) * 2015-10-19 2017-10-25 トヨタ自動車株式会社 Vehicle system and authentication method
US20170150361A1 (en) * 2015-11-20 2017-05-25 Faraday&Future Inc. Secure vehicle network architecture
JP6384733B2 (en) * 2015-11-20 2018-09-05 本田技研工業株式会社 Communication system and control device
CN105635147A (en) * 2015-12-30 2016-06-01 深圳市图雅丽特种技术有限公司 Vehicle-mounted-special-equipment-system-based secure data transmission method and system
US9923722B2 (en) * 2016-04-18 2018-03-20 GM Global Technology Operations LLC Message authentication library
US10574305B2 (en) * 2016-05-11 2020-02-25 Magna Electronics Inc. Vehicle secured communication system
US20170331795A1 (en) * 2016-05-13 2017-11-16 Ford Global Technologies, Llc Vehicle data encryption
JP6890025B2 (en) * 2016-05-27 2021-06-18 パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America Electronic control unit, frame generation method and program
US10050946B2 (en) * 2016-06-17 2018-08-14 The Boeing Company Secured data transmission using identity-based cryptography
US10189482B2 (en) * 2016-06-28 2019-01-29 Volkswagen Aktiengesellschaft Apparatus, system and method for personalized settings for driver assistance systems
WO2018115992A1 (en) * 2016-12-22 2018-06-28 Itext Group Distributed blockchain-based method for saving the location of a file
JP6493381B2 (en) * 2016-12-26 2019-04-03 トヨタ自動車株式会社 In-vehicle communication system
JP6508188B2 (en) * 2016-12-26 2019-05-08 トヨタ自動車株式会社 Cryptographic communication system
US20180205729A1 (en) * 2017-01-13 2018-07-19 GM Global Technology Operations LLC Method and apparatus for encryption, decryption and authentication
US10484466B2 (en) * 2017-02-01 2019-11-19 Panasonic Avionics Corporation Methods and systems for communicating messages to passengers on a transportation vehicle
KR102042739B1 (en) * 2017-09-22 2019-11-08 서강대학교산학협력단 Apparatus and method for communication using message history-based security key using blockchain
US20190173951A1 (en) * 2017-12-01 2019-06-06 GM Global Technology Operations LLC Vehicle communication using publish-subscribe messaging protocol
US10834206B2 (en) * 2018-02-27 2020-11-10 Excelfore Corporation Broker-based bus protocol and multi-client architecture
US10991175B2 (en) * 2018-12-27 2021-04-27 Beijing Voyager Technology Co., Ltd. Repair management system for autonomous vehicle in a trusted platform
US20210004146A1 (en) * 2019-07-01 2021-01-07 Microsoft Technology Licensing, Llc Virtual dial control
US10902190B1 (en) * 2019-07-03 2021-01-26 Microsoft Technology Licensing Llc Populating electronic messages with quotes

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220239694A1 (en) * 2021-01-28 2022-07-28 Robert Bosch Gmbh System and method for detection and deflection of attacks on in-vehicle controllers and networks
CN114785543A (en) * 2022-03-09 2022-07-22 西安电子科技大学 In-vehicle network cross-domain communication method, computer equipment and intelligent terminal
US20240113867A1 (en) * 2022-09-30 2024-04-04 General Electric Company Methods and systems for starting secure communication in systems with high availability
US12284272B2 (en) * 2022-09-30 2025-04-22 General Electric Company Methods and systems for starting secure communication in systems with high availability

Also Published As

Publication number Publication date
DE102019103419A1 (en) 2019-10-02
JP6950605B2 (en) 2021-10-13
JP2019176258A (en) 2019-10-10
DE102019103419B4 (en) 2025-12-04
US11218309B2 (en) 2022-01-04
CN110312232B (en) 2022-06-24
CN110312232A (en) 2019-10-08

Similar Documents

Publication Publication Date Title
US11218309B2 (en) Vehicle communication system and vehicle communication method
US11436873B2 (en) Encrypted communication system and method for controlling encrypted communication system
US11606341B2 (en) Apparatus for use in a can system
US10965450B2 (en) In-vehicle networking
US11212087B2 (en) Management system, key generation device, in-vehicle computer, management method, and computer program
US11265170B2 (en) Vehicle information collection system, vehicle-mounted computer, vehicle information collection device, vehicle information collection method, and computer program
JP5818392B2 (en) Wireless communication device
US11546173B2 (en) Methods, application server, IoT device and media for implementing IoT services
US20180244238A1 (en) Unauthorized access event notification for vehicle electronic control units
US11095453B2 (en) Communication network system and count-value sharing method using count-value notification node with transmission node and reception node
US11228602B2 (en) In-vehicle network system
US9998476B2 (en) Data distribution apparatus, communication system, moving object, and data distribution method
CN101990748A (en) Method and device for transmitting messages in real time
US20220191045A1 (en) Implementation of a butterfly key expansion scheme
US20230412369A1 (en) Communication system, information processing device, information processing method, and computer program product
JP6729732B2 (en) Cryptographic communication system
US20250286708A1 (en) Information processing device, quantum cryptographic communication system, information processing method, and computer program product
JP2017050795A (en) Method for data transfer between automobile electronic control devices
CN116863565A (en) Intelligent door lock control method and device based on secret key

Legal Events

Date Code Title Description
AS Assignment

Owner name: TOYOTA JIDOSHA KABUSHIKI KAISHA, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NAKAGAWA, MASASHI;REEL/FRAME:048689/0043

Effective date: 20190125

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4